package cn.cmcc.intertelecom.utils;


import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.After;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

import cn.cmcc.intertelecom.bean.Daily;
import cn.cmcc.intertelecom.bean.Msg;
import cn.cmcc.intertelecom.bean.Power;
import cn.cmcc.intertelecom.bean.PowerGroup;
import cn.cmcc.intertelecom.bean.RoleGroup;
import cn.cmcc.intertelecom.bean.User;
import cn.cmcc.intertelecom.service.DailyService;
import cn.cmcc.intertelecom.service.PowerGroupService;
import cn.cmcc.intertelecom.service.PowerService;
import cn.cmcc.intertelecom.service.RoleGroupService;

/**
 * 用于获取访问的模块 生成日志存入数据库 
 * @author wp
 *
 */

@Aspect
@Component
public class DailyAspect  {
	@Autowired
	private RoleGroupService roleGroupService;
	@Autowired
	private PowerGroupService powerGroupService;
	@Autowired
	private PowerService powerService;
	@Autowired
	private DailyService dailyService;
	
	@Pointcut("execution(* cn.cmcc.intertelecom.controller.*.save*(..))"
	          
	            + "||execution(* cn.cmcc.intertelecom.controller.*.query*(..))"
	            + "||execution(* cn.cmcc.intertelecom.controller.*.del*(..))"
	         
	          
	          
	            + "||execution(* cn.cmcc.intertelecom.controller.*.update*(..))")
	 public void ControllerAspect(){}

	
	/**
	 * 设置权限访问 并记录日志
	 * @param pjp
	 * @return
	 * @throws Throwable
	 */
	@Around("ControllerAspect()")
    public Object checkPower(ProceedingJoinPoint pjp) throws Throwable {
		//获取需要访问的权限名称
	    String power = WEBUtils.getAccessPower(pjp);
	    if( power ==null){
	    	//不做记录直接放行
	    	return pjp.proceed();
	    }
	    ////根据已知权限从 权限表中查询 权限所在的模块
	    Power tb_power=powerService.selectPowerByPowerStr(power);
	    //获取已登录的用户
	    User loginUser=WEBUtils.getLoginUser();
	    //如何loginUser==null  也就是未登录  提示登录
	    if(loginUser ==null){
	    	return Msg.fail().add("msg", "抱歉，请登录 ");
	    }
	    
	  //若该用户是 管理员 则拥有所以操作的权限
	 	if(loginUser.getUserType() .equals("0")){
	 		//执行操作
	 		Object result= pjp.proceed();
	 		//后置通知 记录日志
	 		Daily daily = new Daily(null, loginUser.getId(), tb_power.getModuleId(), tb_power.getPower(), new Date());	
	 		//将日志存入数据库
	 		dailyService.insertDaily(daily);
	 		return result;
	  	}
	  		
	  	//根据用户id 获取角色-用户映射表中 关于此用户的数据
	  	List<RoleGroup> roleGroup = roleGroupService.getRoleByUserId(loginUser.getId());
	  	List<Integer> roleIds=new ArrayList<>();
	  	for (RoleGroup r : roleGroup) {
	  	   roleIds.add(r.getRoleId());
	  	}
	  	//根据角色的id 获取 角色-权限 映射表中的 所以权限
	  	List<PowerGroup> powerGroup = powerGroupService.selectPowersByRoles(roleIds);
	  	for (PowerGroup p : powerGroup) {
	  	   //判断该角色是否有 此操作的权限，则放行, 
	  		if (p.getPower().equals(power)) {
	  			//拥有访问的权限 执行操作
		 		Object result= pjp.proceed();
		 		//后置通知 记录日志
		 		Daily daily = new Daily(null, loginUser.getId(), tb_power.getModuleId(), tb_power.getPower(), new Date());	
		 		//将日志存入数据库
		 		dailyService.insertDaily(daily);
		 		return result;
	  		}
	  	}
	  	//若 该 角色 没有此操作的权限 返回界面
	  	return Msg.fail().add("msg", "抱歉，您没有此操作的权限！");
    }
}

